<?php
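// Direct-access guard: this page is only meant to run when included by the
// front controller, which is expected to define IN_INDEX.
if(!defined('IN_INDEX'))
{
	// printError() is not defined in this file. On a direct request the helper
	// may not be loaded, and calling it would end in a fatal "undefined
	// function" error (which can disclose the script path when errors are
	// displayed). Fall back to a plain 403 in that case.
	if(function_exists('printError'))
	{
		printError("ACCESS DENIED", "This page is hidden.");
	}
	else
	{
		if(!headers_sent())
		{
			header('HTTP/1.1 403 Forbidden');
		}
		echo "ACCESS DENIED";
	}
	exit;
}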
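// Unauthenticated visitors are sent to the login page and processing stops.
if(!checkSession())
{
	// Guarded so that an already-declared redirect() does not cause a
	// "cannot redeclare" fatal error when this page is included.
	if(!function_exists('redirect'))
	{
		/**
		 * Emits a small script that navigates the browser to $url.
		 *
		 * The target is written as a JavaScript string literal produced by
		 * json_encode(); the JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX
		 * escapes so the value cannot close the string or the <script> element.
		 * Nothing is emitted if the value cannot be encoded.
		 *
		 * @param string $url Address to navigate to.
		 * @return void
		 */
		function redirect($url)
		{
			$target = json_encode((string) $url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
			if($target === false)
			{
				return;
			}
			echo "<script type=\"text/javascript\">\n";
			echo "window.location = " . $target . ";\n";
			echo "</script>\n";
		}
	}
	redirect("index.php?action=login");
	exit;
}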
// Date formats configured for the site.
$dateformat = $CONFIG['date_format'];
$dateformat_long = $CONFIG['date_format_long'];

// Empty message record; the fields are filled in below from the request.
$pm['to'] = '';
$pm['to_id'] = 0;
$pm['from'] = '';
$pm['from_id'] = 0;
$pm['subject'] = '';
$pm['body'] = '';
$pm['reply'] = 0;

if (isset($_REQUEST['reply'])) {
	// Replying: the original message is looked up by the id given in the request.
	// NOTE(review): nothing in this block checks that the current user is the
	// sender or recipient of that message. Unless getPM() enforces this itself,
	// the check has to happen before anything from $PM_MSG is shown.
	$PM_MSG = getPM($_REQUEST['reply']);
	$TO_USER = new User('id', $PM_MSG['from_id']);

	// The reply goes back to the original sender, quoting the original text.
	$pm['to_id'] = $PM_MSG['from_id'];
	$pm['subject'] = 'RE: ' . $PM_MSG['subject'];
	$pm['body'] = sprintf(
		'<blockquote><b>[%s %s %s %s]</b><br />%s</blockquote>',
		translate('quote_from'),
		$TO_USER->getFirstname(),
		translate('from_date'),
		formatDate($PM_MSG['date'], ''),
		$PM_MSG['body']
	);
	$pm['reply'] = $PM_MSG['id'];
} elseif (isset($_REQUEST['to'])) {
	// New message addressed to the user named in the request.
	$TO_USER = new User('id', $_REQUEST['to']);
	$pm['to_id'] = $TO_USER->getId();
}

// Display name of the recipient, when one was resolved above.
if (isset($TO_USER)) {
	$pm['to'] = implode(' ', array(ucf($TO_USER->getFirstname()), ucf($TO_USER->getLastname())));
}

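$missing = array();
$res = false;

/*
 * Submit handler for the private-message form.
 *
 * Reads the posted fields, validates them, stores the message through
 * sendPM(), optionally notifies the recipient by e-mail, prints a
 * confirmation page and stops.
 *
 * NOTE(review): no anti-CSRF token is verified before the message is sent.
 * NOTE(review): subject and body are stored with only the apostrophe
 * entity-encoded. That is neither SQL escaping nor HTML sanitisation; confirm
 * that sendPM() uses parameterised queries and that the rich-text body is
 * sanitised before it is rendered to the recipient.
 */
if(isset($_POST['pm_submit']))
{
	// Absent or non-string (array) parameters are treated as empty, so a
	// malformed request cannot raise notices or put arrays into the message.
	$pmField = array();
	foreach(array('pm_to_id', 'pm_subject', 'pm_body', 'pm_content', 'pm_reply') as $pmName)
	{
		$pmField[$pmName] = (isset($_POST[$pmName]) && is_string($_POST[$pmName])) ? $_POST[$pmName] : '';
	}

	$pm_checked = 0;
	$pm['to_id'] = $pmField['pm_to_id'];
	// The sender is always the logged-in user, never a posted value.
	$pm['from_id'] = $USER->getId();
	$pm['subject'] = $pmField['pm_subject'];

	// When replying, the quoted original (pm_content) is placed before the new text.
	if($pmField['pm_content'] !== '')
	{
		$pm['body'] = $pmField['pm_content'] . "<br />" . $pmField['pm_body'];
	}
	else
	{
		$pm['body'] = $pmField['pm_body'];
	}
	$pm['reply'] = $pmField['pm_reply'];

	// Count the filled-in fields and record the empty ones; 'reply' is optional.
	foreach($pm as $k => $v)
	{
		if(isset($v) && $v != '' && $k != 'reply')
		{
			if($k == 'to_id')
			{
				if(checkUserExistance('id', $v))
				{
					$pm_checked++;
				}
				else
				{
					$missing['to_id'] = "user_does_not_exist";
				}
			}
			else
			{
				$pm_checked++;
			}
		}
		else
		{
			$missing[$k] = "missing";
		}
	}

	// The counter alone let a message through when the recipient was empty or
	// did not exist but enough other fields were filled in; a recipient that
	// failed validation now always blocks sending.
	if($pm_checked >= 3 && !isset($missing['to_id']))
	{
		$subject = str_replace("'", "&#39;", $pm['subject']);
		$body = str_replace("'", "&#39;", $pm['body']);

		$res = sendPM($pm['to_id'], $pm['from_id'], $subject, $body, $pm['reply']);

		// E-mail notification, if the recipient has enabled it.
		$TO_USER_PROFILE = new User('id', $pm['to_id']);

		if($TO_USER_PROFILE->getUserEmailNotify_PM() == 1)
		{
			$from = "Treningsplassen<treningsplassen@system.com>";
			$to = $TO_USER_PROFILE->getEmail();
			// Line breaks are removed from the user-supplied subject so it cannot
			// add extra header lines to the outgoing mail. send() is not visible
			// here, so this does not rely on it doing the same.
			$pm_subject = translate('new_message_sent_to_user') . ": " . str_replace(array("\r", "\n"), ' ', $subject);
			send($from, $to, $pm_subject, $body);
		}

		// Confirmation plus the closing page markup, then a timed redirect to the outbox.
		echo "<center><br /><br /><br /><br /><br /><br /><br /><br /><br />
		<h2>" . ucfirst(translate('themessagewassent')) . "!</h2>
		<meta http-equiv=\"refresh\"content=\"1;url=index.php?action=profile&sub=pm_sent\"></center>
		<div class='fixed'>
					</div>
				</div>
				</div>
			<div class='fixed'>
			</div>
			<div id='footer'>
			<a id='gotop' href='#' onclick='MGJS.goTop();return false;'>" . translate('top') . "</a>
				<div align='center' id='copyright'>&copy; " . translate('copyrightyear') . " " . translate('header_text'). " - " .  translate('curversion') ." - <a href='index.php?action=contact'>" . translate('contact') ."</a> - <a href='index.php?action=about'>" . translate('about') . "</a> - " . translate('onlineusers'). ": " . getActiveUsers() . "<br />
                </div>";
		exit;
	}
}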
?>

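<?php
/*
 * TinyMCE set-up for the message textarea.
 *
 * The editor posts whatever HTML the client sends. The plugin and button lists
 * below only shape the user interface and do not limit what can be submitted,
 * so the posted body has to be sanitised on the server before it is stored or
 * shown to another user.
 * NOTE(review): the "imagemanager" plugin and "insertimage" button appear to
 * add a server-side image browser; confirm its own access control.
 */
// Only "no" and "en" are ever emitted, whatever getLang() returns.
$pmEditorLang = ($USER->getLang() == 'no') ? 'no' : 'en';
?>
<!-- TinyMCE -->
<script type="text/javascript" src="jscripts/tiny_mce/tiny_mce.js"></script>
<script type="text/javascript">
tinyMCE.init({
        // General options
		language : "<?php echo $pmEditorLang; ?>",
        mode : "textareas",
        theme : "advanced",
        plugins : "autolink,lists,spellchecker,pagebreak,style,layer,table,save,advhr,advimage,advlink,emotions,iespell,inlinepopups,insertdatetime,preview,media,searchreplace,print,contextmenu,paste,directionality,fullscreen,noneditable,visualchars,nonbreaking,xhtmlxtras,template,imagemanager",

        // Theme options (a comma was missing between "fontsizeselect" and the "|" separator)
        theme_advanced_buttons1 : "save,newdocument,|,undo,redo,|,cut,copy,paste,pastetext,pasteword,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,styleselect,formatselect,fontselect,fontsizeselect,|,forecolor,backcolor,|,charmap,emotions,iespell,media,advhr,|,image,insertimage",
		
        theme_advanced_buttons2 : "search,replace,bullist,numlist,|,outdent,indent,blockquote,|,link,unlink,anchor,cleanup,code,|,insertdate,inserttime,preview,|,hr,removeformat,visualaid,|,sub,sup,|,print,|,fullscreen,|,insertlayer,moveforward,movebackward,absolute,|,styleprops,spellchecker,|,cite,abbr,acronym,del,ins,attribs,|,visualchars,nonbreaking,template,blockquote,pagebreak",
		
		theme_advanced_buttons3 : "",
		
        theme_advanced_buttons4 : "",
		
        theme_advanced_toolbar_location : "top",
        theme_advanced_toolbar_align : "left",
        theme_advanced_statusbar_location : "bottom",
        theme_advanced_resizing : true,

        // Skin options (no trailing comma after the last property: older browsers reject it)
        skin : "o2k7",
        skin_variant : "silver"
});
</script>
<!-- /TinyMCE -->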
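<?php
/*
 * Private-message compose view: breadcrumb, then either the included message
 * view (when "pid" is given) or the new-message / reply form.
 *
 * Security check. The previous condition compared the boolean result of
 * isset() with a user id, so it was true for any message that getPM() returned
 * and any logged-in user could open a reply to, and read, someone else's
 * message. A reply is now rendered only when the current user's id equals the
 * message's 'to_id' or 'from_id'.
 * NOTE(review): this assumes getPM() returns both keys, as the replaced
 * condition did; confirm against getPM().
 * For requests without "reply" the previous outcome is kept unchanged: the page
 * is rendered when a "to" parameter and a non-empty recipient id are both
 * present or both absent.
 *
 * Output encoding. Request- and database-derived values are encoded before
 * they are written into the markup. 'ISO-8859-1' is passed to
 * htmlspecialchars() on purpose: every byte is valid in it, so the call never
 * returns an empty string for text in another encoding, and the characters it
 * escapes are plain ASCII in both Latin-1 and UTF-8.
 *
 * NOTE(review): the form carries no anti-CSRF token.
 */
$pmCharset = 'ISO-8859-1';
$pmViewerId = (string) $USER->getId();

//Security Check
if(isset($_REQUEST['reply']))
{
	$pmAllowed = $pmViewerId !== ''
		&& isset($PM_MSG['to_id'], $PM_MSG['from_id'])
		&& ((string) $PM_MSG['to_id'] === $pmViewerId || (string) $PM_MSG['from_id'] === $pmViewerId);
}
else
{
	$pmAllowed = (isset($_REQUEST['to']) === (bool) $pm['to_id']);
}

// The quoted original is only rendered when a message was actually loaded, so
// a non-empty reply id without a message cannot reach the undefined $PM_MSG.
$pmQuoted = $pmAllowed && $pm['reply'] != "" && isset($PM_MSG['from_id']);

if($pmAllowed)
{
?>
<div id='postpath'>
		<a title="<?php echo translate('gotofrontpage'); ?>" href="index.php"><?php echo translate('home'); ?></a>
        &gt; <a href="index.php?action=blogs" title='<?php echo translate('showallblogs'); ?>'><?php echo translate('blog'); ?></a> 
		&gt; <a href="index.php?action=profile&amp;id=<?php echo rawurlencode($pmViewerId); ?>"><?php echo htmlspecialchars(ucf($USER->getFirstname()) . " " . ucf($USER->getLastname()), ENT_QUOTES, $pmCharset, false); ?></a>
        &gt; <a href="index.php?action=profile&amp;sub=pm" title='<?php echo translate('pm'); ?>'><?php echo translate('pm'); ?></a>
        &gt; <a href="index.php?action=profile&amp;sub=pm_new" title='<?php echo translate('newprivatemessage'); ?>'><?php echo translate('newprivatemessage'); ?></a> 
</div>


<?php
if(isset($_REQUEST['pid']))
{
	// NOTE(review): the included page is responsible for its own access check on "pid".
	include('page/profile_pm_show.php');
	//exit;
}
else
{
?>
    <br />
	<!-- PM send START -->
        <h1><a style='color:#555555;' href="index.php?action=profile&amp;sub=pm"><img src="img/pm_replied.png" height="20"  /> <?php echo translate('inbox'); ?></a> 
        <a style='color:#555555;' href="index.php?action=profile&amp;sub=pm_sent"><img src="img/pm_new.png" height="20"  /> <?php echo translate('outbox'); ?></a>
        </h1><br />
        <h1>
		<?php 
		// Heading: "reply" when a message is quoted, otherwise "new message".
		if($pmQuoted)
		{
			echo translate('reply');
		}
		else
		{
			echo translate('newprivatemessage');
		}
		?>
        </h1>
        
	<?php
	if($pmQuoted)
	{
		// The id goes into a URL, so it is URL-encoded rather than printed raw.
		$pmSenderHref = "index.php?action=profile&amp;id=" . rawurlencode((string) $PM_MSG['from_id']);
	?>
    <br />
	<table border="0" width="100%" cellpadding="5" cellspacing="0" style="border-top:solid thin; border-left:solid thin; border-right:solid thin; border-bottom:solid thin;">
    <tr>
    <td width="70" valign="top">
    <?php 
		$pmAvatarFile = selectAvatarPath($PM_MSG['from_id']);
		if($pmAvatarFile != "")
		{
			$profile_pic_path = $CONFIG['user_data_path'] . $PM_MSG['from_id'] . "/thumbs_" . $pmAvatarFile;
			if(file_exists($profile_pic_path))
			{
				echo "<a href='" . $pmSenderHref . "'><img src=\"" . htmlspecialchars($profile_pic_path, ENT_QUOTES, $pmCharset, false) . "\" alt=\"" . translate('profile_picture') . "\" class=\"profile_picture\" /></a>\n";
			}
			else
			{
				// The thumbnail is missing: the expected path is printed instead.
				echo htmlspecialchars($profile_pic_path, ENT_QUOTES, $pmCharset, false);
			}
		}
		else
		{
			// NOTE(review): the placeholder follows the viewer's gender, not the sender's - confirm intent.
			$pmDefaultAvatar = ($USER->getGender() == "female") ? "profile_female.gif" : "profile_male.gif";
			echo "<a href='" . $pmSenderHref . "'><img src=\"" . $CONFIG['user_data_path'] . $pmDefaultAvatar . "\" height='60px' width='60px' alt=\"" . translate('profile_picture') . "\" class=\"profile_picture\" /></a>\n";
		}
    ?>
    </td>
    <td valign="top">
	<?php echo "<a style='color:#555555;' href=\"" . $pmSenderHref . "\"><b>" . htmlspecialchars((string) $PM_MSG['from'], ENT_QUOTES, $pmCharset, false) . "</b></a> - " . formatDate($PM_MSG['date'], $dateformat_long); ?><br />
	<?php
		// NOTE(review): the stored body is rich-text HTML and is written out as-is.
		// It must have been sanitised before storage, or be sanitised here;
		// encoding it at this point would show the markup as text.
		echo $PM_MSG['body'];
	?>
	</td>
    </tr>
    </table>
    <?php
	}
	?>
        
        <br />
        <form method="post" action="index.php?action=profile&amp;sub=pm_new">
        <?php echo "<input type=\"hidden\" id=\"pm_id\" name=\"pm_reply\" value=\"" . htmlspecialchars((string) $pm['reply'], ENT_QUOTES, $pmCharset) . "\" />\n"; ?>
		<?php 
		if($pm['to'] == '')
		{
			echo translate('pmwarning') . " <a style='color:#555555;' href='index.php?action=blogs'>(<b>". translate('bloglist') ."</b>)</a>
			<br /><br /><b>" . translate('to') . ":</b> <input type=\"text\" id=\"pm_to\" name=\"pm_to\" value=\"\" />\n";
		}
		else
		{
			echo "<b>" . translate('to') . ":</b> <input type=\"hidden\" id=\"pm_to_id\" name=\"pm_to_id\" value=\"" . htmlspecialchars((string) $pm['to_id'], ENT_QUOTES, $pmCharset) . "\" /><b>" . htmlspecialchars((string) $pm['to'], ENT_QUOTES, $pmCharset, false) . "</b>";
		}

		if(isset($missing['to_id'])) 
		{
			echo "<span class=\"error\">&lt;-- " . translate($missing['to_id']) . "</span>";
		}

		?>
        <br /><br />
        <?php echo "<b>" . translate('subject') ."</b>"; ?>:
        <?php // Entities already present in a stored subject are kept (double_encode off) so they are not shown literally. ?>
        <input name="pm_subject" type="text" size="50" value="<?php echo htmlspecialchars((string) $pm['subject'], ENT_QUOTES, $pmCharset, false); ?>"/>
        <?php 
        if(isset($missing['subject'])) 
        {
        	echo "<span class=\"error\">&lt;-- " . translate($missing['subject']) . "</span>";
        }
        ?>
        <br />
        <?php 
        if(isset($missing['body'])) 
        {
        	echo "<span class=\"error\">&lt;-- " . translate($missing['body']) . "</span>";
        }
        ?>
        <br />
        <?php echo "<b>" . ucf(translate('message')) ."</b>"; ?>:<br />
        <textarea name="pm_body" rows="10" cols="90"></textarea>
        <br />
         <?php
		if($pmQuoted)
		{
			// The whole quote is attribute-encoded, so quotes or entities in the
			// original message cannot end the attribute and the browser posts
			// back exactly this string.
			$pmQuoteHtml = "<blockquote><b>[" . $PM_MSG['from']  . " " . formatDate($PM_MSG['date'], $dateformat_long) . "]</b><br />". strip_tags($PM_MSG['body']) . "</blockquote>";
			?>
			<input type="hidden" name="pm_content" value="<?php echo htmlspecialchars($pmQuoteHtml, ENT_QUOTES, $pmCharset); ?>" />
			<?php 
		} 
		else
		{
		 ?>
		 	<input type="hidden" name="pm_content" value="" />
		 <?php 
		}?>
        <?php 
		if($pm['to'] != '' || $pm['from_id'] != "")
		{
		?>
		<input type="submit" name="pm_submit" style="font-weight:bold;" value=" <?php echo ucf(translate('sendmessage')); ?> " />
        <?php    
        }
		 ?>
        </form>
    <!-- PM send END -->
		<?php
}
}
else
{
	// Not authorised for this message, or inconsistent recipient parameters: nothing is rendered.
	//echo "<meta http-equiv=\"refresh\"content=\"0;url=index.php?action=profile&sub=pm\">";	
}
?>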